[WEB SECURITY] XSS Question

Michele Orru antisnatchor at gmail.com
Thu Jun 23 12:48:39 EDT 2011


Hi Jason,

too understand the real impact of XSS, meaning what you can really 
obtain, except from Robert links
take also a look at BeEF (http://code.google.com/p/beef/). We are 
developing a lot of cool ideas that can be done
exploiting even a simple reflected XSS (or DOM-based one).

Feel free to ask questions on our mailing lists (very low traffic).

Cheers
/antisnatchor

> ------------------------------------------------------------------------
>
> 	Jason Drury <mailto:druryjason at yahoo.com>
> June 23, 2011 6:15 PM
>
>
> Hello,
>
> During a recent web pentest I found an input vulnerable to XSS. The 
> developers have come back to me saying they resolved the issue, but 
> upon retesting I found it still vulnerable to the following 
> string: \";alert('XSS');//
>
> Just for my own education, can anything malicious be done with such a 
> string or is the extent of the damage a popup box (which is what I 
> currently get).
>
> Thank you,
> Jason
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110623/4cabe7b2/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: compose-unknown-contact.jpg
Type: image/jpeg
Size: 1421 bytes
Desc: not available
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110623/4cabe7b2/attachment.jpg>


More information about the websecurity mailing list